diff options
| author | Seth Mos <seth.mos@xs4all.nl> | 2008-06-05 08:59:26 +0000 |
|---|---|---|
| committer | Seth Mos <seth.mos@xs4all.nl> | 2008-06-05 08:59:26 +0000 |
| commit | 037b51b3839a8b904239fe06d8e604b70d7afd3d (patch) | |
| tree | 4756ef2da2c0f275fad7bc2b77cfd9d9ea9adce5 /etc/inc/vpn.inc | |
| parent | 730a49b501680992353ebe2f853f1eb8b4da5584 (diff) | |
| download | pfsense-037b51b3839a8b904239fe06d8e604b70d7afd3d.zip pfsense-037b51b3839a8b904239fe06d8e604b70d7afd3d.tar.gz | |
Make the vpn configuration add static routes on interfaces other then WAN.
link_carp_interface_to_parent() now correctly returns parent interface instead of always WAN.
Diffstat (limited to 'etc/inc/vpn.inc')
| -rw-r--r-- | etc/inc/vpn.inc | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 25ea54c..16a405b 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -264,6 +264,21 @@ function vpn_ipsec_configure($ipchg = false) { "{$sa}/{$sn} any -P in ipsec " . "{$tunnel['p2']['protocol']}/tunnel/{$rgip}-" . "{$ep}/unique;\n"; + + if($tunnel['interface'] <> "wan") { + /* static route needed? */ + if(preg_match("/^carp/i", $tunnel['interface'])) { + /* add endpoint routes to correct gateway on interface */ + $parentinterface = link_carp_interface_to_parent($tunnel['interface']); + $gatewayip = get_interface_gateway("$parentinterface"); + if($gatewayip) { + log_error("IPSEC interface is not WAN but {$tunnel['interface']}, adding static +route for VPN endpoint {$tunnel['remote-gateway']} via {$gatewayip}"); + mwexec("/sbin/route add -host {$tunnel['remote-gateway']} {$gatewayip}"); + } + } + } + } fwrite($fd, $spdconf); |
